WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability
CVE-2023-50903
9.8CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 December 2024
What is CVE-2023-50903?
A missing authorization vulnerability in the Metform Elementor Contact Form Builder enables unauthorized users to access restricted areas due to improperly configured access control security levels. This issue affects versions of Metform Elementor Contact Form Builder, potentially exposing sensitive user information or allowing unauthorized submissions. Websites utilizing this plugin should assess their security configurations to mitigate the risk posed by this vulnerability.
Affected Version(s)
Metform Elementor Contact Form Builder <= 3.4.0